Apple is notifying users who are likely targeted by government-sponsored spyware, but is referring them to third-party security labs instead of performing forensic analysis itself. The decision stems from Apple's position that in-depth forensic analysis could inadvertently reveal spyware capabilities to the attackers. Security experts have praised the approach as balancing victim protection and security research.
Amnesty International has exposed Serbian police’s use of Cellebrite’s forensic tools to extract data from journalists’ and activists’ phones, followed by the installation of a new Android spyware called NoviSpy. The spyware is suspected to be linked to the Serbian intelligence services, highlighting the misuse of surveillance technology against civil society and journalists. The attack shows a dangerous trend of using Cellebrite’s device-unlocking technology to plant malware.
The development and deployment of two new Android spyware families, BoneSpy and PlainGnome, has been attributed to the Russian-aligned Gamaredon APT group. BoneSpy has been active since 2021, while PlainGnome appeared in 2024. Both are used for surveillance against targets in former Soviet states, with a focus on Russian-speaking victims. The malware collects sensitive data including SMS messages, call logs, device location, and contact lists. PlainGnome acts as a dropper for the surveillance payload, while BoneSpy is deployed as a standalone application.
iVerify has published findings on the widespread use of Pegasus spyware. The research indicates a broader impact than previously known, affecting not just high-profile individuals but also ordinary users. This underscores the ongoing threat of sophisticated spyware and the need for robust mobile security.
The FSB (the Russian Federal Security Service) allegedly used a trojanized application to monitor a Russian programmer accused of supporting Ukraine. The spyware was hidden in an app that the programmer downloaded. This highlights the use of sophisticated surveillance techniques by state actors against individuals perceived as threats, and underscores the importance of digital security and privacy, especially in high-risk environments.
Unsealed court documents reveal that NSO Group, the developer of the Pegasus spyware, cut off access for 10 government clients due to misuse of the software. The documents also detail the existence of three exploits targeting WhatsApp users and estimate that Pegasus was deployed on hundreds to tens of thousands of devices. This highlights ongoing concerns around state-sponsored surveillance and the abuse of powerful spyware technologies.
A US judge has ruled that NSO Group is liable for exploiting a vulnerability in WhatsApp to spy on 1,400 users. NSO used a zero-click exploit in WhatsApp to target the users with its Pegasus spyware. The court found that NSO Group violated the Computer Fraud and Abuse Act, and that WhatsApp is entitled to sanctions against NSO. The ruling has been called a landmark and a major victory for WhatsApp.